The General Data Protection Regulation (“GDPR”) is a new legal framework that comes into effect on May 25, 2018. The GDPR’s focus is the protection of personal data (i.e. data about individuals) and affects, among others, companies that process the personal data of individuals who are based in the EU. This includes suppliers and other third parties a company might utilize to process personal data. As a security-as-a-service provider, data privacy and security is at the core of our business and we are committed to protecting our customers’ personal data. We currently comply with applicable data protection regulations and are committed to GDPR compliance across our applicable products and services. Our internal cross-functional team has been working diligently to ensure our GDPR readiness.
The GDPR allocates responsibility between the data controller and the data processor with respect to the processing of personal data. Typically, Cyren will act as Processor when processing data on behalf of the Controller (i.e. enterprise customer, partner, OEM). Cyren will act as Controller when processing data on behalf of its employees and data subjects that have provided their information directly to Cyren (i.e. by registered for a seminar, white paper, etc). Under the GDPR, both the data controller and data processor have duties and obligations to protect personal data and both face liability for failures to comply with the GDPR requirements.